French authorities confirmed that they arrested IntelBroker, one of the most well-known and active hackers in recent years. This individual had been under investigation for attacking large technology companies and leaking confidential data from several Mexican companies.
Although the arrest took place in February, it was not until now that the Paris Prosecutor's Office made it official, following a series of operations that also shut down BreachForums, one of the main illegal markets where stolen information was bought and sold.
Although IntelBroker became famous for messing with giants such as Cisco, Microsoft, and even Europol, he also had Mexico in his sights. Several national companies ended up on his list of victims, and the attacks were quite serious.
In one of his posts on BreachForums, the hacker published no less than 6.74 GB of source code and internal documents from the Mexican bank Actinver. According to him, he managed to break into the corporate intranet and put all that material up for sale. Anyone could download it... as long as they paid with credits on the platform.
He also targeted PYLC, a Mexican insurance company, and leaked a database containing information on some 63,000 users. The exposed data included RFCs, policies, premiums, agent names, payment methods, automatic renewals, and even internal tokens. Basically, everything needed to set up a large-scale fraud.
And as if that weren't enough, in the same ad offering stolen data from Cisco, IntelBroker claimed to have also accessed systems of related companies, including AT&T Mexico, from which it allegedly extracted source code used in production.
According to the Paris Public Prosecutor's Office, IntelBroker is a British citizen who was arrested in February 2025 and is currently in preventive detention. We are not talking about just any hacker: the authorities accuse him of running BreachForums, one of the most active cybercrime forums, especially after its original creator, known as Pompompurin, was arrested in 2023.
IntelBroker not only launched complex cyberattacks on his own, but also administered this kind of “digital black market,” where stolen data, access to business systems, malware, and even forged documents were bought and sold. He always signed his posts as “IntelBroker,” although he sometimes also used the alias “EnergyWeaponUser.”
His reputation within the forum grew rapidly. He started as a user, then became a moderator, and eventually became one of the main administrators, handling illegal transactions and controlling much of the traffic of confidential data from companies and governments in various countries.
Read more: Top 10 Deep Web and Dark Web Forums
BreachForums served as a meeting point for hackers from around the world. Unlike other forums hidden on the dark web, this one was accessible from the clear web, making it easier for those who wanted to buy or sell all kinds of stolen information. IntelBroker was part of the team that revived and maintained it, especially after previous shutdowns caused by police operations.
But after his arrest, activity on the site dropped almost to zero. And the final blow came on June 23, when French police captured four other key administrators: “ShinyHunters,” “Hollow,” “Noct,” and “Depressed.” With that, the forum's fate was practically sealed.
This operation was made possible by intense collaboration between French and US authorities. French prosecutor Laure Beccuau even publicly thanked the FBI and the Department of Justice (DOJ) for the quality of the information shared and the joint work that made it possible to identify and track down those responsible.